jm33-m0 / emp3r0r

Linux/Windows post-exploitation framework made by linux user
https://infosec.exchange/@jm33
MIT License

agent built by build.py doesn't run: Decompress ELF: gzip: invalid header #49

Closed zlgxzswjy closed 2 years ago

zlgxzswjy commented 2 years ago

Testing on Kali Linux kali 5.14.0-kali4-amd64 #1 SMP Debian 5.14.16-1kali1 (2021-11-05) x86_64 GNU/Linux. I used ./build.py agent -y to generate an agent, but when I run ./build/agent_[md5], I got an error: Decompress ELF: gzip: invalid header

jm33-m0 commented 2 years ago

You need to post build.py's output here

zlgxzswjy commented 2 years ago

Thank you for your reply. The build agent's output is here:

┌──(root💀kali)-[~/Desktop/tools/emp3r0r/core]
└─# ./build.py agent -y
Choosing 'yes' for 'Use cached CC address (172.16.250.128)?'
CC status indicator URL (leave empty to disable): 
Choosing 'yes' for 'Use cached agent proxy ()?'
Choosing 'yes' for 'Use cached CDN server ()?'
Choosing 'yes' for 'Use cached DoH server ()?'
Choosing 'yes' for 'Use autoproxy (will enable UDP broadcasting)'
Using cached CA cert (-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----
),
make sure you have the coresponding keypair signed by it
[*] Copying CC keypair to ./build
 Copy ./tls/emp3r0r-cert.pem to ./build
 Copy ./tls/emp3r0r-key.pem to ./build
GO BUILD starts...
GO BUILD ends...
./build/agent-0fcc0432-6202-11ec-b94c-000c295083c9 generated
run cryptor.exe
2021/12/21 10:02:34 ELF size: 10813440 bytes
2021/12/21 10:02:36 ELF compressed: 3835002 bytes (0.35%)
2021/12/21 10:02:36 ./agent has been packed as ./agent.packed.exe
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2020
UPX 3.96        Markus Oberhumer, Laszlo Molnar & John Reiser   Jan 23rd 2020

        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
   5776558 ->   4640024   80.33%   linux/amd64   agent-0fcc0432-6202-11ec-b94c-000c295083c9

Packed 1 file.
./build/agent-0fcc0432-6202-11ec-b94c-000c295083c9 packed

┌──(root💀kali)-[~/Desktop/tools/emp3r0r/core]
└─# ./build/agent-0fcc0432-6202-11ec-b94c-000c295083c9
2021/12/21 10:03:36 Decompress ELF: gzip: invalid header

jm33-m0 commented 2 years ago

Thank you, I can reproduce this. A fix will be pushed soon.

zlgxzswjy commented 2 years ago

That's great!

jm33-m0 commented 2 years ago

https://github.com/jm33-m0/emp3r0r/blob/5bd87ed9701db1b35c675ba539f7f998c5fd3ecd/core/build.py#L169

Looks like upx somehow messes with my existing compression; for now I will disable upx in build.py to mitigate this issue.
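
The failure mode described in this thread, as an added illustration (this is not code from emp3r0r or its author): a gzip-wrapped payload is only readable at runtime if the bytes the stub reads back still begin with the gzip header, so any outer packer that rewrites the file breaks the inner decompression. The program below compresses a constructed stand-in payload with Go's compress/gzip, decompresses it successfully, then simulates an outer packer shifting the blob and shows that Decompress now returns gzip.ErrHeader, whose text is exactly "gzip: invalid header". It also includes the two quick checks a responder would run on a suspicious binary: whether a blob starts with the gzip magic bytes, and whether the file carries the "UPX!" signature that UPX writes into packed files. The names Compress, Decompress, SimulateRepack and the sample payload are assumptions made for this example.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// gzipMagic is the two-byte ID every gzip member starts with (RFC 1952).
var gzipMagic = []byte{0x1f, 0x8b}

// upxMarker is the signature UPX stores in files it has packed.
var upxMarker = []byte("UPX!")

// Compress wraps plain in a gzip stream, standing in for the build-time step.
func Compress(plain []byte) []byte {
	var buf bytes.Buffer
	w := gzip.NewWriter(&buf)
	if _, err := w.Write(plain); err != nil {
		panic(err) // writing to an in-memory buffer cannot fail in practice
	}
	if err := w.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// Decompress is the runtime side. If blob does not begin with a valid gzip
// header, gzip.NewReader returns gzip.ErrHeader ("gzip: invalid header").
func Decompress(blob []byte) ([]byte, error) {
	r, err := gzip.NewReader(bytes.NewReader(blob))
	if err != nil {
		return nil, fmt.Errorf("Decompress ELF: %w", err)
	}
	defer r.Close()
	return io.ReadAll(r)
}

// IsGzip reports whether data starts with the gzip magic bytes.
func IsGzip(data []byte) bool { return bytes.HasPrefix(data, gzipMagic) }

// HasUPXMarker reports whether data contains the "UPX!" signature.
func HasUPXMarker(data []byte) bool { return bytes.Contains(data, upxMarker) }

// IsHeaderError reports whether err wraps gzip.ErrHeader.
func IsHeaderError(err error) bool { return errors.Is(err, gzip.ErrHeader) }

// SimulateRepack stands in for an outer packer rewriting the file: the gzip
// blob is no longer at the offset the stub expects, so the bytes it reads
// back are not a gzip header. (Hypothetical; real UPX layouts differ.)
func SimulateRepack(blob []byte) []byte {
	out := append([]byte{}, upxMarker...)
	return append(out, blob...)
}

func main() {
	// Constructed sample payload standing in for the agent ELF.
	payload := []byte("constructed stand-in for the agent ELF")

	blob := Compress(payload)
	fmt.Println("compressed blob starts with gzip magic:", IsGzip(blob))
	out, err := Decompress(blob)
	fmt.Println("decompressed OK:", err == nil && bytes.Equal(out, payload))

	repacked := SimulateRepack(blob)
	fmt.Println("repacked starts with gzip magic:", IsGzip(repacked))
	fmt.Println("repacked carries UPX marker:", HasUPXMarker(repacked))
	_, err = Decompress(repacked)
	fmt.Println("runtime error:", err) // Decompress ELF: gzip: invalid header
}
```

Because the wrapped error is checked with errors.Is against gzip.ErrHeader rather than by string match, the same check keeps working if the error message text changes between Go releases.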

zlgxzswjy commented 2 years ago

Okay, let me try it first. I'll wait for you to solve it completely.